moved the secure random class from JMSSecurityExtraBundle to Symfony (closes #3595)

1 files changed, 3 insertions, 10 deletions

diff --git a/Core/Encoder/BasePasswordEncoder.php b/Core/Encoder/BasePasswordEncoder.php
index ae1c7d4..e73bbbd 100644
--- a/Core/Encoder/BasePasswordEncoder.php
+++ b/Core/Encoder/BasePasswordEncoder.php
@@ -11,6 +11,8 @@
 
 namespace Symfony\Component\Security\Core\Encoder;
 
+use Symfony\Component\Security\Core\Util\String;
+
 /**
  * BasePasswordEncoder is the base class for all password encoders.
  *
@@ -77,15 +79,6 @@ abstract class BasePasswordEncoder implements PasswordEncoderInterface
      */
     protected function comparePasswords($password1, $password2)
     {
-        if (strlen($password1) !== strlen($password2)) {
-            return false;
-        }
-
-        $result = 0;
-        for ($i = 0; $i < strlen($password1); $i++) {
-            $result |= ord($password1[$i]) ^ ord($password2[$i]);
-        }
-
-        return 0 === $result;
+        return String::equals($password1, $password2);
     }
 }